Wireshark-bugs: [Wireshark-bugs] [Bug 2689] New: [PATCH]: enhanced "what's past last mpls label?
Date: Mon, 7 Jul 2008 07:28:31 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2689

           Summary: [PATCH]: enhanced "what's past last mpls label?"
                    heuristic
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: francesco.fondelli@xxxxxxxxx



FF <francesco.fondelli@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1971|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=1971)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1971)
[PATCH]: enhanced "what's past last mpls label?" heuristic

Build Information:
wireshark 1.0.99-SVN-25387

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.8.15, with GLib 2.10.1, with libpcap 0.9.4, with libz
1.2.3, with POSIX capabilities (Linux), with libpcre 6.3, without SMI, without
ADNS, without Lua, without GnuTLS, with Gcrypt 1.2.2, with MIT Kerberos,
without
PortAudio, without AirPcap.

Running on Linux 2.6.18.1, with libpcap version 0.9.4.

Built using gcc 4.1.0 20060304 (Red Hat 4.1.0-3).

--
Hi all,

Attached is a patch for:

- PW Associated Channel Header dissection as per RFC 4385
- PW MPLS Control Word dissection as per RFC 4385
- mpls subdissector table indexed by label value
- enhanced "what's past last mpls label?" heuristic
- Ethernet PW (w/o CW) support as per RFC 4448

The new logic to dissect data after last mpls label is:

if (!dissector_try_label(mpls_subdissector_table, label, ...)) {
       if (nibble == 6) {
               call_dissector(ipv6_handle, ...);
       } else if (nibble == 4) {
               call_dissector(ipv4_handle, ...);
       } else if (nibble == 1) {
               dissect_pw_ach(next_tvb, ...);
       } else if (nibble == 0) {
              if (looks_like_plain_eth(next_tvb)) {
                     call_dissector(eth_withoutfcs_handle, next_tvb, ...);
              } else {
                     dissect_pw_mcw(next_tvb, ...);
              }
       } else {
              call_dissector(eth_withoutfcs_handle, ...);
       }
}

The mpls protocol dissector has now a subdissector table indexed by label.
If the user specifies a binding (through "Decode as...") label N <--> proto X
wireshark will pass data past last mpls label to dissector X. If there is
no label2proto binding the legacy "first nibble based" algorithm (corrected and
enhanced) is used.

the original code was:

     if (ipvers == 6) {
       call_dissector(ipv6_handle, next_tvb, pinfo, tree);
     } else if (ipvers == 4) {
       call_dissector(ipv4_handle, next_tvb, pinfo, tree);
     } else if (ipvers == 1) {
       dissect_mpls_control(next_tvb, pinfo, tree);
     } else {
       call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
     }

dissect_mpls_control() is now called dissect_pw_ach() (ach stands for 
Associated Channel Header) as per RFC 4385 terminology.
dissect_pw_mcw() (mcw stands for MPLS Generic/Preferred Control Word) 
is called only if the first nibble is 0 (as per RFC 4385) and if the 
first 12 bytes of data look like two mac addresses.

Ethernet PWs are common nowadays with and without CW (control word: 
4 bytes between last mpls label and the encapsulated ethernet header) 
in service provider networks.  I have been told few times that 
"wireshark doesn't work" because of the CW presence.  This patch
"automagically" provides a valid dissection in most common "eth 
PWs with/without CW" cases.

Moreover, this patch allows wireshark users to manually provide info
in case the heuristic fails.

If you accept this changes new dissectors, one for each type of PW 
encapsulated traffic, can be easily implemented (packet-pw-eth.c is 
provided as a starting point).

- Structure-Agnostic Time Division Multiplexing (TDM) over Packet 
  (SAToP) (RFC 4553)

- Structure-Aware Time Division Multiplexed (TDM) Circuit Emulation Service 
  over Packet Switched Network
  (CESoPSN) (RFC 5086) 

are at the top of my to-do list.

I have used and fuzz-tested this code.  Please check it in.

Ciao
FF

ps
patch is against svn #25387 but unfortunately is a "diff -ru dir1 dir2"
because I cannot "svn diff" anymore due to bad bad proxy settings,
sorry, it should work fine anyway.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.